Server Can't Find: SERVFAIL & Bind9 DNS Server Setup
So go by these steps; it worked for me and I'm sure it will work for you.
1. Set your hostname equal to one of your ServerNames, like:
server.example.com
2. Configure the interfaces in /etc/network/ like:
iface ens3 inet static
address 192.168.1.10
netmask 255.255.255.0
Don't forget to restart 'networking'.
Now let's configure bind. You don't need to edit all of the db files, just do it like below:
Open /etc/bind/named.conf.local and add this at the end of the file:
zone "example.com" IN {
    type master;
    file "/etc/bind/forward.example.com";
};
zone "1.168.192.in-addr.arpa" IN {
    # 1.168.192 is the reverse of 192.168.1 without the last part "10"
    type master;
    file "/etc/bind/reverse.example.com";
};
Now in /etc/bind:
cp db.local forward.example.com
Now edit forward.example.com:
;
; BIND data file for local loopback interface
;
$TTL 604800
; note the trailing dot on server.example.com. (otherwise the origin gets appended)
@ IN SOA server.example.com. root.server.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS server.example.com.
@ IN A xxx.xxx.xxx.xxx ; your public static IP address if you did port forwards in NAT;
server IN A xxx.xxx.xxx.xxx ; if you didn't, put the static private IP address.
host IN A xxx.xxx.xxx.xxx
client IN A xxx.xxx.xxx.xxx
www IN A xxx.xxx.xxx.xxx
@ IN NS ns1.example.com.
@ IN A xxx.xxx.xxx.xxx
ns1 IN A xxx.xxx.xxx.xxx
@ IN MX 10 admin.example.com.
@ IN A xxx.xxx.xxx.xxx
admin IN A xxx.xxx.xxx.xxx
; this config contains the email server records too (comments in zone files start with ';', not '#').
Now in the same directory: cp forward.example.com reverse.example.com
Now edit the reverse zone like below:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA server.example.com. root.server.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS server.example.com.
@ IN PTR example.com.
server IN A xxx.xxx.xxx.xxx
host IN A xxx.xxx.xxx.xxx
client IN A xxx.xxx.xxx.xxx
www IN A xxx.xxx.xxx.xxx
10 IN PTR server.example.com.
11 IN PTR client.example.com.
@ IN NS ns1.example.com.
ns1 IN A xxx.xxx.xxx.xxx
10 IN PTR ns1.example.com.
@ IN MX 10 admin.example.com.
admin IN A xxx.xxx.xxx.xxx
10 IN PTR admin.example.com.
The 10 above is the last number of your IP: 192.168.1.(10) or xxx.xxx.xxx.(xxx).
Forward and reverse zones are configured now. Now run these commands (named-checkzone takes the zone name first, then the file):
sudo named-checkconf -z /etc/bind/named.conf
sudo named-checkconf -z /etc/bind/named.conf.local
sudo named-checkzone example.com /etc/bind/forward.example.com
sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.example.com
The outputs should show that the zones are loaded and there is no error.
Now restart bind. If there was an error, just use journalctl -xe and look at the details; most of the time it is just a typo or a mistake like that.
Now do these:
sudo chown -R bind:bind /etc/bind
sudo chmod -R 755 /etc/bind
sudo systemctl restart bind9
sudo systemctl enable bind9
ufw allow bind9
ufw allow 53
ufw allow 53/tcp
ufw allow 53/udp
Go to /etc/network/interfaces again and add this at the end of the file:
dns-search example.com
dns-nameserver 192.168.1.10
After that restart networking with sudo systemctl restart networking.
Now edit this file with nano: /etc/resolv.conf
Add these at the end of the file:
nameserver 192.168.1.10
search example.com
Restart networking, restart NetworkManager.
Now ping/nslookup/dig ns.example.com or server.example.com.
NOW IT'S WORKING
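Before restarting bind9 it is worth catching the typical slips in hand-edited BIND files: a '#' where a zone file expects ';', a dotted name in SOA/NS/MX/PTR data with no trailing dot (which loads without complaint but gets the zone origin appended), and a named.conf stanza with a missing quote, a misspelled zone type or a '}' without its ';'. The script below is an added example, not code from the answer or from the BIND project; it needs only the Python 3 standard library, and the two sample inputs are constructed to mirror the kind of named.conf.local and forward zone shown above. It is a heuristic pre-check, not a replacement for named-checkconf and named-checkzone.

```python
"""Lint for hand-written BIND zone files and named.conf fragments.

Added example (not code from the answer or from BIND). It reports:
  * '#' used as a comment in a zone file (zone files only know ';';
    named.conf accepts '#', '//' and '/* */')
  * a dotted name in SOA/NS/MX/PTR/CNAME data with no trailing dot, so
    BIND appends the origin (server.example.com -> server.example.com.example.com.)
  * in named.conf: an unbalanced '"', an unknown zone type, or a '}'
    that is not followed by ';'
"""
import re

NAME_RDATA_TYPES = {"SOA", "NS", "MX", "PTR", "CNAME"}
KNOWN_ZONE_TYPES = {"master", "slave", "primary", "secondary",
                    "hint", "stub", "static-stub", "forward", "redirect"}


def _rdata_names(tokens, i):
    """Domain names carried in the RDATA of the record whose type is tokens[i]."""
    rtype = tokens[i].upper()
    if rtype == "SOA":          # MNAME RNAME ( serial ... )
        return tokens[i + 1:i + 3]
    if rtype == "MX":           # preference target
        return tokens[i + 2:i + 3]
    return tokens[i + 1:i + 2]  # NS / PTR / CNAME: single target


def check_zone_file(text):
    """Return [(line_number, message), ...] for a zone file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = raw.split(";", 1)[0]        # ';' starts a zone-file comment
        if "#" in code:                     # heuristic: ignores '#' inside TXT data
            findings.append((lineno, "'#' is not a comment character in zone files; use ';'"))
            code = code.split("#", 1)[0]
        tokens = code.split()
        if not tokens or tokens[0].startswith("$"):
            continue                        # blank line or $TTL/$ORIGIN directive
        for i, tok in enumerate(tokens):
            # A type token in owner position only happens when the line
            # starts with whitespace (owner omitted, inherited from above).
            if tok.upper() in NAME_RDATA_TYPES and (i > 0 or raw[:1].isspace()):
                for name in _rdata_names(tokens, i):
                    # Heuristic: a multi-label name is almost always meant as an
                    # FQDN, and an FQDN needs the trailing dot.
                    if "." in name and not name.endswith("."):
                        findings.append((lineno, f"'{name}' has dots but no trailing '.'; "
                                                 "BIND will append the zone origin"))
                break
    return findings


def check_named_conf(text):
    """Return [(line_number, message), ...] for a named.conf fragment."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = raw.split("#", 1)[0].split("//", 1)[0]   # strip line comments
        if code.count('"') % 2:
            findings.append((lineno, "unbalanced double quote"))
        m = re.search(r"\btype\s+(\S+?)\s*;", code)
        if m and m.group(1) not in KNOWN_ZONE_TYPES:
            findings.append((lineno, f"unknown zone type '{m.group(1)}'"))
        if re.search(r"\}\s*$", code):      # '}' ending a line with no ';'
            findings.append((lineno, "'}' closing a statement must be followed by ';'"))
    return findings


# Constructed sample: a named.conf.local with three common slips
SAMPLE_NAMED_CONF = '''\
zone "example.com" IN {
    type master;
    file "/etc/bind/forward.example.com;
};
zone "1.168.192.in-addr.arpa" IN {
    # 1.168.192 is 192.168.1 reversed, without the host part
    type maste;
    file "/etc/bind/reverse.example.com";
}
'''

# Constructed sample: a forward zone with a '#' comment and an unqualified MNAME
SAMPLE_ZONE = '''\
$TTL 604800
@ IN SOA server.example.com root.server.example.com. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS server.example.com.
@ IN A 192.168.1.10 #your public static ip address
server IN A 192.168.1.10
@ IN MX 10 admin.example.com.
admin IN A 192.168.1.10
'''

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                       # e.g. python3 lint.py /etc/bind/named.conf.local /etc/bind/forward.example.com
        with open(path) as fh:
            text = fh.read()
        checker = check_named_conf if "named.conf" in path else check_zone_file
        for lineno, msg in checker(text):
            print(f"{path}:{lineno}: {msg}")
    if len(sys.argv) == 1:                          # no files given: lint the built-in samples
        for lineno, msg in check_named_conf(SAMPLE_NAMED_CONF):
            print(f"named.conf.local:{lineno}: {msg}")
        for lineno, msg in check_zone_file(SAMPLE_ZONE):
            print(f"forward.example.com:{lineno}: {msg}")
```

Run it with no arguments to see the findings on the built-in samples, or pass your own files. The unbalanced-quote and missing-';' checks are exactly what named-checkconf trips over; the trailing-dot check covers the case the official tools do not flag, since a name without the final dot is legal and simply relative to the origin.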
Alpcap
Updated on September 18, 2022
Comments
-
Alpcap over 1 year
I'm trying to deploy a web app on a VPS server. The app is built with Django and I'm currently trying to serve files with Apache2. I'm having trouble with the DNS setup (bind9). The company I use does not help me with this.
Could you help me solve this issue that I have been dealing with for 3 days?
OS:
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.7 LTS
Release:        16.04
Codename:       xenial

nslookup example.com
;; Got SERVFAIL reply from 8.8.8.8, trying next server
Server:   8.8.4.4
Address:  8.8.4.4#53

** server can't find example.com: SERVFAIL

nslookup example.com 185.106.209.113
Server:   185.106.209.113
Address:  185.106.209.113#53

Name:
Address:  185.106.209.113

When I go to the http://185.106.209.113/ address, I can see the Apache2 default page. If I type http://example.com/ it throws me a DNS_PROBE_FINISHED_NXDOMAIN error.

|-- [-rwxr-xr-x bind    ]  bind.keys
|-- [-rwxr-xr-x bind    ]  db.0
|-- [-rwxr-xr-x bind    ]  db.127
|-- [-rwxr-xr-x bind    ]  db.255
|-- [-rwxr-xr-x bind    ]  db.empty
|-- [-rwxr-xr-x bind    ]  db.local
|-- [-rwxr-xr-x bind    ]  db.root
|-- [-rwxr-xr-x bind    ]  named.conf
|-- [-rwxr-xr-x bind    ]  named.conf.default-zones
|-- [-rwxr-xr-x bind    ]  named.conf.local
|-- [-rwxr-xr-x bind    ]  named.conf.local.back
|-- [-rwxr-xr-x bind    ]  named.conf.options
|-- [-rwxr-xr-x bind    ]  rndc.key
|-- [drwxr-sr-x bind    ]  zones
|   |-- [-rwxr-xr-x bind    ]  db.185.106
|   `-- [-rwxr-xr-x bind    ]  db.example.com
`-- [-rwxr-xr-x bind    ]  zones.rfc1918
named.conf.options:
acl "trusted" {
    185.106.209.113;
};

options {
    directory "/var/cache/bind";

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    forwarders {
        185.106.209.113;
    };

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

named.conf.local:
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 185.106.209.113; };
    also-notify { 185.106.209.113; };
};

zone "209.106.185.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.185.106";
    allow-transfer { 185.106.209.113; };
    also-notify { 185.106.209.113; };
};

db.example.com:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; NS records
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       185.106.209.113
; A records
ns1.example.com.    IN      A       185.106.209.113
ns2.example.com.    IN      A       185.106.209.113

db.185.106:
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers - NS records
        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
; PTR Records
113.209 IN      PTR     ns1.example.com.    ; 185.106.209.113
113.209 IN      PTR     ns2.example.com.    ; 185.106.209.113

and firewall status:
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
8000                       ALLOW       Anywhere
53                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
8000 (v6)                  ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
-
Doug Smythies over 3 years
I deleted my answer. I realized it was incorrect for what you want. I only run a local bind9 DNS, but leave the external-world DNS management of my domain to my ISP, managed by me. So, internally, my domain looks up as a local-only address, 192.168.111.1, whereas externally it is a WAN IP address.
-
Alpcap over 3 years
Thank you very much for your guidance. nslookup and ping commands work very well right now; however, on intodns there are a few errors and I truly don't understand them.
-
Reza Azimi over 3 years
You're welcome @Alpcap, that's my pleasure.
-
Reza Azimi over 3 years
@Alpcap it's normal, search for them in Google; they will be solved easily.